
Question One:

a) Confidentiality:

Confidentiality in cybersecurity refers to the protection of sensitive information from unauthorized
access or disclosure. Examples include encrypting sensitive data like passwords, using access controls to
restrict file access, and implementing secure communication protocols.

b) Integrity:

Integrity ensures data remains accurate and unaltered. Examples include using digital signatures to
verify the authenticity of files, implementing version control systems, and regularly checking data for
tampering.

Question Four:

a) Types of Password Attacks and How to Protect Against Them:

1. Brute Force Attack: In a brute force attack, an attacker tries all possible password combinations until
the correct one is found. To protect against this, systems administrators can implement account lockout
policies that lock an account after a certain number of failed login attempts.

2. Dictionary Attack: In a dictionary attack, attackers use a list of common passwords or words to guess
the password. To protect against this, administrators should enforce strong password policies and
encourage users to use complex, unique passwords.

3. Phishing: Phishing attacks trick users into revealing their passwords. Administrators can educate
users about the dangers of phishing and implement email filtering to reduce the chances of phishing
emails reaching users’ inboxes.

b) Role of Administration or Management in Access Control:

1. Policy Development: Management is responsible for creating access control policies that define who
has access to what resources and under what conditions.

2. Risk Assessment: Management plays a role in evaluating the risks associated with various access
control decisions and balancing security with operational needs.

3. Resource Allocation: Management allocates resources for access control, including budget for
security measures, personnel, and technology.

4. Oversight: Management provides oversight to ensure policies and procedures are followed.

5. Compliance: Management ensures that access control practices adhere to legal and regulatory
requirements.

c) Physical Access Controls:

1. Biometric Access: Use of fingerprint or iris scans for physical access.

2. Card-Based Access: Employees use ID cards or keycards to gain access to secure areas.

Question Five:

Circumstances of Real Damage and High Cost to Information Systems:

a) Criticality of information attacked:

Real damage occurs when critical information like customer data, intellectual property, or financial
records are compromised, leading to financial loss or reputation damage.

b) Availability of the IS:

High costs are incurred when an attack disrupts the availability of the Information System, causing
downtime, lost productivity, and revenue loss.

c) Possibility of recovery:

If data is not properly backed up, and recovery measures are not in place, the cost of restoring
information systems after an attack can be substantial.

d) Cost to the organization:

Damage is evident when the organization incurs significant financial costs, including legal fees, fines,
incident response, and costs associated with notifying affected parties.

Question Six:

Harm from Unauthorized Modification:

a) Medical information:

1. Misdiagnosis: Unauthorized modification can result in patients receiving incorrect treatment.

2. Privacy breach: Tampering with medical records can lead to privacy violations and identity theft.

b) Election information:

1. Fraud: Unauthorized modifications can manipulate election results, undermining the democratic
process.

2. Loss of trust: It can erode public trust in the electoral system.

c) Examination body data:

1. Cheating: Unauthorized changes can allow candidates to cheat on exams.

2. Unfair outcomes: Tampering can lead to unfair assessment and results.

d) Online order information:

1. Financial loss: Unauthorized changes to orders can result in financial losses for customers and the
business.

2. Reputation damage: Mishandling online orders can harm a company’s reputation.

Question Seven:

Ten Best Practices of Access Control:

1. Principle of Least Privilege: Grant users the minimum level of access needed to perform their job.

2. Strong Password Policies: Enforce complex and frequently changed passwords.

3. Multi-Factor Authentication: Implement MFA for added security.

4. Regular Access Reviews: Periodically review and update user access rights.

5. Role-Based Access Control: Assign access based on job roles and responsibilities.

6. Access Logging and Monitoring: Keep logs of access attempts and monitor for suspicious activity.

7. Encryption: Protect data at rest and in transit using encryption.

8. Physical Security: Secure physical access to servers and data centers.

9. Training and Awareness: Educate users on best security practices.

10. Incident Response Plan: Have a plan in place to respond to security incidents.

c) Availability of data:

Availability ensures data is accessible when needed. Examples include redundant servers to minimize
downtime, load balancing to distribute traffic, and disaster recovery plans to recover data in case of
failures.

d) Non-Repudiation:

Non-repudiation ensures that a sender cannot deny sending a message, and a recipient cannot deny
receiving it. Examples include digital signatures for email communication, timestamping for legal
documents, and transaction logs in financial systems.

Question Two:

a) Physical Database Integrity:

This involves safeguarding the physical components of the database, such as servers and storage
devices, to prevent unauthorized access or tampering.

b) Auditability:

Auditability refers to the ability to track and monitor activities within the database, ensuring that any
unauthorized or suspicious actions can be detected and investigated.

c) Access control:

Access control restricts who can access, modify, or delete data within the database, typically using
permissions, roles, and policies.

d) User authentication:

User authentication ensures that only authorized individuals can access the database, often through
methods like username/password, two-factor authentication, or biometrics.

e) Availability:

Availability ensures that the database is consistently accessible, typically achieved through redundancy,
backup systems, and disaster recovery plans.

Question Three:

a) Authentication Questions:

1. What is your mother's maiden name?

2. In which city were you born?

3. What is the name of your first pet?

b) Reasons for the Questions:

1. Mother's maiden name: This question is important because it's not typically publicly available
information and can help verify a person's identity.

2. Birthplace: This question is relevant as it's specific to the individual and not easily accessible to
impostors.

3. First pet's name: This question relies on unique personal history, making it difficult for impostors to
guess.

Four Examples of Biometrics Authentication Methods:

1. Fingerprint recognition:

This method is appropriate for securing smartphones and physical access control due to the
uniqueness of fingerprints.

2. Iris scanning:

Iris scans are suitable for high-security environments like government facilities and data centers
because they offer a high level of accuracy.

3. Facial recognition:

Facial recognition is used in applications like unlocking smartphones and user authentication in online
services.

4. Voice recognition:

Voice biometrics can be employed for telephone banking and call center authentication, providing a
convenient and secure way to verify users by their voiceprint.
